Solved

Active Directory (Netdiag) failed test KnowsOfRoleHolders

Posted on 2007-04-03
Last Modified: 2008-06-21
I have a Windows 2003 network, with a mix of Windows 2000 and Windows 2003 DCs, one domain, each dept had their own local DC, all servers have the latest service packs installed.

Recently I added three new DCs. When I run the netdiags on each server, I get this report back:

****************************************************************************************************

DC Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial non skippeable tests
   
   Testing server: Default-First-Site-Name\S-WATER-KP
      Starting test: Connectivity
         ......................... S-WATER-KP passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\S-WATER-KP
      Starting test: Replications
         ......................... S-WATER-KP passed test Replications
      Starting test: NCSecDesc
         ......................... S-WATER-KP passed test NCSecDesc
      Starting test: NetLogons
         ......................... S-WATER-KP passed test NetLogons
      Starting test: Advertising
         ......................... S-WATER-KP passed test Advertising
      Starting test: KnowsOfRoleHolders
         [TOSMAINBAC] DsBind() failed with error 1722,
         The RPC server is unavailable..
         Warning: TOSMAINBAC is the Schema Owner, but is not responding to DS RPC Bind.
         [TOSMAINBAC] LDAP connection failed with error 58,
         The specified server cannot perform the requested operation..
         Warning: TOSMAINBAC is the Schema Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Domain Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the PDC Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Rid Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... S-WATER-KP failed test KnowsOfRoleHolders
      Starting test: RidManager
         [S-WATER-KP] DsBindWithCred() failed with error 1722. The RPC server is unavailable.
         ......................... S-WATER-KP failed test RidManager
      Starting test: MachineAccount
         ......................... S-WATER-KP passed test MachineAccount
      Starting test: Services
         ......................... S-WATER-KP passed test Services
      Starting test: ObjectsReplicated
         ......................... S-WATER-KP passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... S-WATER-KP passed test frssysvol
      Starting test: kccevent
         ......................... S-WATER-KP passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0001F60
            Time Generated: 04/03/2007   12:25:00
            Event String: The browser service has failed to retrieve the

         ......................... S-WATER-KP failed test systemlog
   
   Running enterprise tests on : TOSMAIN.local
      Starting test: Intersite
         ......................... TOSMAIN.local passed test Intersite
      Starting test: FsmoCheck
         Error: The server returned by DsGetDcName() did not match DsListRoles() for the PDC
         ......................... TOSMAIN.local passed test FsmoCheck

*************************************************************************************************

The other DCs on the network come back clean. The TOSMAINBAC server failed with the blue screen of death. I have since replaced this DC; all other DCs recognize the new DC, except for these 3 DCs. I was unable to demote this failed DC.

I would usually just seize the roles, but I am concerned because all the other DCs see the correct server that now holds the roles.

Secondly, this TOSMAINBAC is still listed in the AD; it will not allow me to remove it.
0
Question by:AccessYourBiz_Com
5 Comments
 
LVL 38

Expert Comment

by:Shift-3
ID: 18845277
Make sure that all DCs have the correct DNS server IPs selected in their TCP/IP Properties.

Back up the System State on all DCs before changing anything.

Seize all the FSMO roles.
http://support.microsoft.com/kb/255504

Assuming you have a single-domain forest, make all your DCs Global Catalog servers.
http://support.microsoft.com/kb/313994

Manually remove TOSMAINBAC from Active Directory using NTDSUTIL.
http://support.microsoft.com/kb/216498

Remove TOSMAINBAC from Active Directory Sites and Services if it still appears there.
0
 
LVL 3

Author Comment

by:AccessYourBiz_Com
ID: 18845504
Just wanted to double check, all other DCs know the correct role holder, just these three do not, should I go ahead seizing the roles on these DCs?
0
 
LVL 3

Author Comment

by:AccessYourBiz_Com
ID: 18846050
When I run ntdsutil on the problem server, then select roles, then connections, and enter the command "connect to server [servername]", I receive an error message:

Binding to [servername]
DSBindW error 0x57(the parameter is incorrect)

If I run the same command (connect to server [servername]) on any other controller in the domain (except the 3 problem servers), the connection is successful.

Thanks
Steve
 
0
 
LVL 38

Accepted Solution

by:
Shift-3 earned 500 total points
ID: 18846068
You may want to run DCDIAG and REPADMIN first to make sure these DCs are replicating correctly.  A replication problem could account for the disparity in FSMO listings.
0
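Added example (not part of the original thread): a small Python parser for dcdiag text output like the report in the question. It lists failed tests, tests that printed an error yet were reported as passed (FsmoCheck in that report), and role holders the DC names but cannot bind to. The sample is an abridged excerpt of the report above; the function name and regexes are this example's own assumptions.

```python
import re
from collections import defaultdict

# Abridged excerpt of the dcdiag report quoted in the question.
SAMPLE_REPORT = """\
   Testing server: Default-First-Site-Name\\S-WATER-KP
      Starting test: Replications
         ......................... S-WATER-KP passed test Replications
      Starting test: KnowsOfRoleHolders
         [TOSMAINBAC] DsBind() failed with error 1722,
         The RPC server is unavailable..
         Warning: TOSMAINBAC is the Schema Owner, but is not responding to DS RPC Bind.
         Warning: TOSMAINBAC is the Schema Owner, but is not responding to LDAP Bind.
         Warning: TOSMAINBAC is the PDC Owner, but is not responding to DS RPC Bind.
         ......................... S-WATER-KP failed test KnowsOfRoleHolders
   Running enterprise tests on : TOSMAIN.local
      Starting test: FsmoCheck
         Error: The server returned by DsGetDcName() did not match DsListRoles() for the PDC
         ......................... TOSMAIN.local passed test FsmoCheck
"""

RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
ROLE = re.compile(r"Warning: (\S+) is the (.+?) Owner, but is not responding to .+ Bind\.")

def summarize(report):
    """Return failed tests, tests that passed despite logging an error,
    and the role holders this DC names but cannot reach."""
    failed, passed_with_error = [], []
    stale = defaultdict(set)  # unreachable holder -> roles it is said to own
    saw_error = False
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("Starting test:"):
            saw_error = False  # error state is tracked per test
        elif line.startswith("Error:") or " failed with error " in line:
            saw_error = True
        elif (m := ROLE.search(line)):
            stale[m.group(1)].add(m.group(2))
        elif (m := RESULT.search(line)):
            target, verdict, test = m.groups()
            if verdict == "failed":
                failed.append((target, test))
            elif saw_error:
                passed_with_error.append((target, test))
    return failed, passed_with_error, {h: sorted(r) for h, r in stale.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

Running the same function over the saved report from each DC shows at a glance which controllers still name the dead server as role owner and which do not.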
 
LVL 3

Author Comment

by:AccessYourBiz_Com
ID: 18846373
Thanks for your reply, in this case I know they are not replicating correctly, the errors I listed earlier are from the dcdiag program. When using the ntdsutil to connect to the PDC, I tried both the IP and the DNS name with no success.

Thanks
Steve
0
